Privacy Notice

Last Updated: April 2026

About Us

This Privacy Notice covers the use of your information by Ithoka Microsystems. Any references in this document to “we”, “our”, or “us” will be interpreted as a reference to Ithoka Microsystems.

Ithoka Microsystems operates the website and infrastructure platforms (including AutoBooks, AgentShield/Talos, Nexus Forensic, and Hungerless). This Privacy Notice informs you of the data processing operations carried out by us in relation to our Site and enterprise software. By accessing our services, you acknowledge the practices described herein.

What Information Do We Process?

We will collect, process, and store personal information about you which will include:

  • Business Contacts & Clients: Your organization’s name, your name, your email address, billing information, and any other data required to execute consulting agreements or SaaS API integrations.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, operating system, and telemetry data from the devices you use to access our secure networks.
  • Agent & API Telemetry (Usage Data): If you utilize our Zero-Trust Enclaves or Web3 Oracle integrations, we collect metadata regarding API calls, token exchanges (RFC 8693), and transaction hash logs for FinOps and security monitoring. We do not store the raw private keys or raw invoice payloads outside of temporary, in-memory execution states.
  • Aggregated Data: Statistical or demographic data derived from your usage of our systems for R&D purposes. This data is anonymized and does not directly reveal your identity.

How and Why Do We Use Your Personal Information?

We will only use your personal data when the law allows us to, specifically under the following lawful bases recognized by the Kenya Data Protection Act, 2019:

  • Performance of a Contract: Where we need to perform the services we are about to enter into or have entered into with you (e.g., deploying an AI model).
  • Legitimate Interests: Where it is necessary for our legitimate business interests (e.g., securing our infrastructure against malicious autonomous agents) and your fundamental rights do not override those interests.
  • Legal Obligation: Where we need to comply with a regulatory or legal obligation (e.g., AML/KYC requirements).
  • Consent: Where you have expressly provided consent. You may withdraw this consent at any time.

With Whom Do We Share Your Information?

Your information will be shared internally amongst our engineering and operations staff strictly to carry out their duties. We may share your personal information with:

  • Our professional advisers, such as our accounting and legal partners.
  • Cloud infrastructure and decentralized network providers (e.g., GCP, Vercel, Auth0, RPC node providers) who operate our backend architectures.
  • Government agencies or law enforcement if required by a lawful subpoena or regulatory directive.

Where is Your Information Processed?

Any data stored electronically will be encrypted and stored in our secure cloud servers. As an international R&D firm, we may transfer your personal data outside of Kenya to secure server regions (such as the EU or US).

We ensure that any cross-border transfer of personal information is protected by appropriate safeguards, complying with Section 48 of the Kenya Data Protection Act, 2019, including relying on jurisdictions with commensurate data protection laws or utilizing strict contractual clauses.

Your Rights (Data Subject Rights)

Under Kenyan law, you have the following rights regarding your information:

  • Right to be Informed: To know how we use your data.
  • Right of Access: To request a copy of the personal data we hold about you.
  • Right to Rectification: To have inaccurate or incomplete data corrected.
  • Right to Erasure: To request the deletion of your data where there is no compelling legal reason for us to retain it.
  • Right to Restrict Processing: To block the further use of your information.
  • Right to Data Portability: To obtain your data in a structured, machine-readable format.

Contacting Us and Making a Complaint

To exercise your rights or make a complaint, please contact our engineering and legal team at privacy@ithokamicrosystems.com.

If you remain unsatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) in Kenya via their official channels (www.odpc.go.ke).